From mboxrd@z Thu Jan 1 00:00:00 1970 From: git@ipfire.org To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, fifteen, updated. 3a3759c625c593e70a7bea479c11834152681565 Date: Sun, 08 Dec 2013 16:08:31 +0100 Message-ID: <20131208150831.8268420756@argus.ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6798307100082920248==" List-Id: --===============6798307100082920248== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, fifteen has been updated via 3a3759c625c593e70a7bea479c11834152681565 (commit) via 8a2cf24a1f5de1e236d5514863b1f57cdd343f27 (commit) from 342a91ae257e461d3d0fe3a2da51a724c6f99a20 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3a3759c625c593e70a7bea479c11834152681565 Author: Arne Fitzenreiter Date: Sun Dec 8 16:07:35 2013 +0100 mountkernfs: fix mount of /sys and /proc without initrd. commit 8a2cf24a1f5de1e236d5514863b1f57cdd343f27 Author: Arne Fitzenreiter Date: Sun Dec 8 16:03:25 2013 +0100 kernel: enable grsecurity on rpi kernel. ----------------------------------------------------------------------- Summary of changes: config/kernel/kernel.config.armv5tel-ipfire-rpi | 165 ++++++++++++++++++++++= -- lfs/linux | 8 +- src/initscripts/init.d/mountkernfs | 4 +- 3 files changed, 162 insertions(+), 15 deletions(-) Difference in files: diff --git a/config/kernel/kernel.config.armv5tel-ipfire-rpi b/config/kernel/= kernel.config.armv5tel-ipfire-rpi index d343a9d..3f6c8da 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-rpi 
+++ b/config/kernel/kernel.config.armv5tel-ipfire-rpi @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 3.10.11 Kernel Configuration +# Linux/arm 3.10.22 Kernel Configuration # CONFIG_ARM=3Dy CONFIG_SYS_SUPPORTS_APM_EMULATION=3Dy @@ -94,7 +94,6 @@ CONFIG_TINY_RCU=3Dy # CONFIG_IKCONFIG is not set CONFIG_LOG_BUF_SHIFT=3D19 # CONFIG_CGROUPS is not set -# CONFIG_CHECKPOINT_RESTORE is not set CONFIG_NAMESPACES=3Dy CONFIG_UTS_NS=3Dy CONFIG_IPC_NS=3Dy @@ -187,6 +186,7 @@ CONFIG_MODULE_FORCE_UNLOAD=3Dy # CONFIG_MODVERSIONS is not set # CONFIG_MODULE_SRCVERSION_ALL is not set # CONFIG_MODULE_SIG is not set +CONFIG_STOP_MACHINE=3Dy CONFIG_BLOCK=3Dy CONFIG_LBDAF=3Dy CONFIG_BLK_DEV_BSG=3Dy @@ -305,7 +305,6 @@ CONFIG_CPU_TLB_V6=3Dy CONFIG_CPU_HAS_ASID=3Dy CONFIG_CPU_CP15=3Dy CONFIG_CPU_CP15_MMU=3Dy -CONFIG_CPU_USE_DOMAINS=3Dy =20 # # Processor Features @@ -370,7 +369,6 @@ CONFIG_CLEANCACHE=3Dy CONFIG_FRONTSWAP=3Dy CONFIG_FORCE_MAX_ZONEORDER=3D11 CONFIG_ALIGNMENT_TRAP=3Dy -# CONFIG_UACCESS_WITH_MEMCPY is not set CONFIG_SECCOMP=3Dy CONFIG_CC_STACKPROTECTOR=3Dy =20 @@ -825,7 +823,6 @@ CONFIG_L2TP_IP=3Dm CONFIG_L2TP_ETH=3Dm CONFIG_STP=3Dm CONFIG_GARP=3Dm -CONFIG_MRP=3Dm CONFIG_BRIDGE=3Dm CONFIG_BRIDGE_IGMP_SNOOPING=3Dy CONFIG_BRIDGE_VLAN_FILTERING=3Dy @@ -1012,7 +1009,8 @@ CONFIG_HAVE_BPF_JIT=3Dy # Generic Driver Options # CONFIG_UEVENT_HELPER_PATH=3D"/sbin/hotplug" -# CONFIG_DEVTMPFS is not set +CONFIG_DEVTMPFS=3Dy +CONFIG_DEVTMPFS_MOUNT=3Dy # CONFIG_STANDALONE is not set # CONFIG_PREVENT_FIRMWARE_BUILD is not set CONFIG_FW_LOADER=3Dy @@ -3766,7 +3764,6 @@ CONFIG_FAT_DEFAULT_IOCHARSET=3D"iso8859-1" # CONFIG_PROC_FS=3Dy CONFIG_PROC_SYSCTL=3Dy -CONFIG_PROC_PAGE_MONITOR=3Dy CONFIG_SYSFS=3Dy CONFIG_TMPFS=3Dy CONFIG_TMPFS_POSIX_ACL=3Dy 
@@ -3977,7 +3974,6 @@ CONFIG_FRAME_POINTER=3Dy # CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set # CONFIG_NOTIFIER_ERROR_INJECTION is not set # CONFIG_FAULT_INJECTION is not set -# CONFIG_LATENCYTOP is not set # CONFIG_DEBUG_PAGEALLOC is not set CONFIG_HAVE_FUNCTION_TRACER=3Dy CONFIG_HAVE_FUNCTION_GRAPH_TRACER=3Dy 
@@ -4014,6 +4010,158 @@ CONFIG_EARLY_PRINTK=3Dy # # Security options # + +# +# Grsecurity +# +CONFIG_PAX_USERCOPY_SLABS=3Dy +CONFIG_GRKERNSEC=3Dy +# CONFIG_GRKERNSEC_CONFIG_AUTO is not set +CONFIG_GRKERNSEC_CONFIG_CUSTOM=3Dy + +# +# Customize Configuration +# + +# +# PaX +# +CONFIG_PAX=3Dy + +# +# PaX Control +# +# CONFIG_PAX_SOFTMODE is not set +CONFIG_PAX_EI_PAX=3Dy +CONFIG_PAX_PT_PAX_FLAGS=3Dy +# CONFIG_PAX_XATTR_PAX_FLAGS is not set +# CONFIG_PAX_NO_ACL_FLAGS is not set +CONFIG_PAX_HAVE_ACL_FLAGS=3Dy +# CONFIG_PAX_HOOK_ACL_FLAGS is not set + +# +# Non-executable pages +# +CONFIG_PAX_NOEXEC=3Dy +CONFIG_PAX_PAGEEXEC=3Dy +CONFIG_PAX_MPROTECT=3Dy +# CONFIG_PAX_MPROTECT_COMPAT is not set +CONFIG_PAX_ELFRELOCS=3Dy +# CONFIG_PAX_KERNEXEC is not set +CONFIG_PAX_KERNEXEC_PLUGIN_METHOD=3D"" + +# +# Address Space Layout Randomization +# +CONFIG_PAX_ASLR=3Dy +CONFIG_PAX_RANDUSTACK=3Dy +CONFIG_PAX_RANDMMAP=3Dy + +# +# Miscellaneous hardening features +# +CONFIG_PAX_MEMORY_SANITIZE=3Dy +CONFIG_PAX_MEMORY_STRUCTLEAK=3Dy +CONFIG_PAX_MEMORY_UDEREF=3Dy +CONFIG_PAX_REFCOUNT=3Dy +CONFIG_PAX_USERCOPY=3Dy +# CONFIG_PAX_LATENT_ENTROPY is not set + +# +# Memory Protections +# +# CONFIG_GRKERNSEC_KMEM is not set +CONFIG_GRKERNSEC_JIT_HARDEN=3Dy +# CONFIG_GRKERNSEC_PERF_HARDEN is not set +CONFIG_GRKERNSEC_RAND_THREADSTACK=3Dy +CONFIG_GRKERNSEC_PROC_MEMMAP=3Dy +CONFIG_GRKERNSEC_BRUTE=3Dy +CONFIG_GRKERNSEC_MODHARDEN=3Dy +CONFIG_GRKERNSEC_HIDESYM=3Dy +CONFIG_GRKERNSEC_KERN_LOCKOUT=3Dy + +# +# Role Based Access Control Options +# +CONFIG_GRKERNSEC_NO_RBAC=3Dy +# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set +CONFIG_GRKERNSEC_ACL_MAXTRIES=3D3 +CONFIG_GRKERNSEC_ACL_TIMEOUT=3D30 + +# +# Filesystem Protections +# +# CONFIG_GRKERNSEC_PROC is not set +CONFIG_GRKERNSEC_LINK=3Dy +# CONFIG_GRKERNSEC_SYMLINKOWN is not set +CONFIG_GRKERNSEC_FIFO=3Dy +# CONFIG_GRKERNSEC_SYSFS_RESTRICT is not set +# CONFIG_GRKERNSEC_ROFS is not set +CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=3Dy +CONFIG_GRKERNSEC_CHROOT=3Dy +# 
CONFIG_GRKERNSEC_CHROOT_MOUNT is not set +CONFIG_GRKERNSEC_CHROOT_DOUBLE=3Dy +CONFIG_GRKERNSEC_CHROOT_PIVOT=3Dy +CONFIG_GRKERNSEC_CHROOT_CHDIR=3Dy +# CONFIG_GRKERNSEC_CHROOT_CHMOD is not set +CONFIG_GRKERNSEC_CHROOT_FCHDIR=3Dy +# CONFIG_GRKERNSEC_CHROOT_MKNOD is not set +CONFIG_GRKERNSEC_CHROOT_SHMAT=3Dy +CONFIG_GRKERNSEC_CHROOT_UNIX=3Dy +CONFIG_GRKERNSEC_CHROOT_FINDTASK=3Dy +CONFIG_GRKERNSEC_CHROOT_NICE=3Dy +CONFIG_GRKERNSEC_CHROOT_SYSCTL=3Dy +# CONFIG_GRKERNSEC_CHROOT_CAPS is not set +CONFIG_GRKERNSEC_CHROOT_INITRD=3Dy + +# +# Kernel Auditing +# +# CONFIG_GRKERNSEC_AUDIT_GROUP is not set +# CONFIG_GRKERNSEC_EXECLOG is not set +CONFIG_GRKERNSEC_RESLOG=3Dy +# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set +# CONFIG_GRKERNSEC_AUDIT_PTRACE is not set +# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set +# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set +CONFIG_GRKERNSEC_SIGNAL=3Dy +CONFIG_GRKERNSEC_FORKFAIL=3Dy +# CONFIG_GRKERNSEC_TIME is not set +CONFIG_GRKERNSEC_PROC_IPADDR=3Dy +# CONFIG_GRKERNSEC_RWXMAP_LOG is not set + +# +# Executable Protections +# +CONFIG_GRKERNSEC_DMESG=3Dy +CONFIG_GRKERNSEC_HARDEN_PTRACE=3Dy +CONFIG_GRKERNSEC_PTRACE_READEXEC=3Dy +CONFIG_GRKERNSEC_SETXID=3Dy +# CONFIG_GRKERNSEC_TPE is not set + +# +# Network Protections +# +CONFIG_GRKERNSEC_RANDNET=3Dy +CONFIG_GRKERNSEC_BLACKHOLE=3Dy +CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=3Dy +# CONFIG_GRKERNSEC_SOCKET is not set + +# +# Physical Protections +# +# CONFIG_GRKERNSEC_DENYUSB is not set + +# +# Sysctl Support +# +# CONFIG_GRKERNSEC_SYSCTL is not set + +# +# Logging Options +# +CONFIG_GRKERNSEC_FLOODTIME=3D10 +CONFIG_GRKERNSEC_FLOODBURST=3D6 CONFIG_KEYS=3Dy # CONFIG_ENCRYPTED_KEYS is not set CONFIG_KEYS_DEBUG_PROC_KEYS=3Dy @@ -4027,7 +4175,6 @@ CONFIG_SECURITY_NETWORK_XFRM=3Dy # CONFIG_SECURITY_SMACK is not set # CONFIG_SECURITY_TOMOYO is not set # CONFIG_SECURITY_APPARMOR is not set -# CONFIG_SECURITY_YAMA is not set # CONFIG_IMA is not set # CONFIG_EVM is not set CONFIG_DEFAULT_SECURITY_DAC=3Dy 
diff --git a/lfs/linux b/lfs/linux
index b35813a..1a9f770 100644
--- a/lfs/linux
+++ b/lfs/linux
@@ -26,7 +26,7 @@ include Config
=20
 VER =3D 3.10.22
=20
-RPI_PATCHES =3D linux-3.10.10-c1af7c6
+RPI_PATCHES =3D linux-3.10.10-grsec-c1af7c6
 GRS_PATCHES =3D grsecurity-2.9.1-3.10.22-ipfire1.patch.xz
=20
 THISAPP =3D linux-$(VER)
@@ -75,7 +75,7 @@ rpi-patches-$(RPI_PATCHES).patch.xz =3D $(URL_IPFIRE)/rpi-p= atches-$(RPI_PATCHES).p
 $(GRS_PATCHES) =3D $(URL_IPFIRE)/$(GRS_PATCHES)
=20
 $(DL_FILE)_MD5 =3D d2b030e809d0f03d2d6ddfcc5108d641
-rpi-patches-$(RPI_PATCHES).patch.xz_MD5 =3D ef9274b3ff5d05daaaa4bdbe86ad00fc
+rpi-patches-$(RPI_PATCHES).patch.xz_MD5 =3D f55981853573236069db5ad9fb7a4bd9
 $(GRS_PATCHES)_MD5 =3D 2fe9cf094b9069918f66b2b1895431eb
=20
 install : $(TARGET)
@@ -122,11 +122,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
=20
 # Grsecurity-patches
 ifneq "$(KCFG)" "-headers"
-ifneq "$(KCFG)" "-rpi"
+#ifneq "$(KCFG)" "-rpi"
 cd $(DIR_APP) && xz -c -d $(DIR_DL)/$(GRS_PATCHES) | patch -Np1
 cd $(DIR_APP) && rm localversion-grsec
 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.7-disable-comp= at_vdso.patch
-endif
+#endif
 endif
=20
 # Disable pcspeaker autoload
diff --git a/src/initscripts/init.d/mountkernfs b/src/initscripts/init.d/moun= tkernfs
index 1e5be05..9cbceb4 100644
--- a/src/initscripts/init.d/mountkernfs
+++ b/src/initscripts/init.d/mountkernfs
@@ -21,12 +21,12 @@ case "${1}" in
=20
 if ! mountpoint /proc &> /dev/null; then
 boot_mesg -n " /proc" ${NORMAL}
- mount -n /proc || failed=3D1
+ mount -n -t proc /proc /proc || failed=3D1
 fi
=20
 if ! mountpoint /sys &> /dev/null; then
 boot_mesg -n " /sys" ${NORMAL}
- mount -n /sys || failed=3D1
+ mount -n -t sysfs /sys /sys || failed=3D1
 fi
=20
 boot_mesg "" ${NORMAL}
hooks/post-receive -- IPFire 2.x development tree --===============6798307100082920248==--
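Review bot: The replacement rpi patch archive is still pinned only by an MD5 digest (`rpi-patches-$(RPI_PATCHES).patch.xz_MD5`), which catches a corrupted download but is a weak integrity pin for kernel patches because MD5 collisions are practical. If the verification helper pulled in through `include Config` (not visible in this diff) can check a stronger digest, record one next to the MD5 value for this archive and for `$(GRS_PATCHES)`. If it cannot, a comment such as `# MD5 detects corruption only; authenticity depends on the $(URL_IPFIRE) transport` above the digest lines would make the trust assumption explicit. The hunk shows only the digest assignments, so how and when they are checked is inferred.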
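Review bot: The `-rpi` guard in the `@@ -122,11` hunk is disabled by commenting it out (`#ifneq "$(KCFG)" "-rpi"` / `#endif`) rather than deleting it, which leaves dead conditional text where a reader can mistake `#endif` for the close of the outer `ifneq "$(KCFG)" "-headers"`. Deleting both lines says the same thing, and git history keeps the old guard. With the guard gone, all three recipe lines now run for the rpi kernel too, including `rm localversion-grsec` and the linux-3.7-disable-compat_vdso patch; whether that patch applies cleanly to the ARM tree cannot be seen from this hunk. A one-line comment above the block, for example `# grsecurity is applied to every kernel flavour except -headers`, would record the intent. The `$(TARGET)` recipe starts and ends outside the hunk.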
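Review bot: The new explicit mounts pass no `-o` options, so /proc and /sys come up with kernel defaults; any options an fstab entry gave the old `mount -n /proc` and `mount -n /sys` forms no longer apply (fstab is not visible here, so this is inferred). Since the same push enables grsecurity hardening, consider the usual restrictive set: `mount -n -t proc -o nosuid,noexec,nodev proc /proc || failed=1` and `mount -n -t sysfs -o nosuid,noexec,nodev sysfs /sys || failed=1`. Using `proc` and `sysfs` as the source instead of repeating the mount point also keeps the mount table unambiguous. The enclosing `case` branch starts and ends outside the hunk.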